Stop sending passwords in plain text via email. Just stop already. If you don't know how to implement a secure alternative, hire a fucking consultancy to assist you.

Fuck. The next time I purchase from you and I get my password in plain text anywhere, I'm immediately demanding a refund and taking my money elsewhere.

Just fucking stop.

Comments
  • 8
    @No-one not send it at all?
  • 0
    @darkcode You mean when you forgot your password and they send it in plain text to your email?
  • 4
    @No-one just let the user register like on any other platform. What's the problem with that?
  • 1
    @samfreeman05 no I just purchased and the platform decided they would set me up with an account, so they sent username and password in an email for my account

    @pt300 has it right here

    @No-one no, I wasn't referring to client credentials management, but since you brought it up, I advise my clients to use a password manager and use the built-in share functionality that they all have to send credentials my way.
  • 0
    I use RSA 4096 bit. Works well for me
  • 1
    @jackgreen yep definitely not too long lol
  • 0
    @SirWindfield haha. not at all!
  • 0
    @jackgreen as far as I know, banks use 2048, you use double that. Not sure if the extra time is worth the security, cracking 2048 takes long enough...
  • 2
    @SirWindfield yeah I know, I was just kidding. paranoid security measures are fun though sometimes🙄
  • 2
    @jackgreen *generates 9182 bit key*
  • 0
    Dude. It's a TEMPORARY PASSWORD sent over a sha-256 encryption to a new source.

    Not that fucking hard. Force users to reset on the platform.

    Don't see the issue. Stupid rant because you clearly don't understand the architecture of the platform.

    *NOTE I may be wrong and this tiny douche company likely doesn't even encrypt passwords on their shit old Apache server. In that case, I suggest teaching a lesson.

    Clone their exposed table and email it to them.
  • 3
    @riverForce Not to be a grammar nazi or anything but what do you mean with the first paragraph? SHA256 is a hashing algorithm, not encryption.

    But yeah, my current company for hosting tiny vps's does this :(
  • 0
    @riverForce no force reset first time logging in. No mention of temp in email.

    It's bad practice. Stfu and stop raining on my rant.
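
An added example, not part of the original thread or any platform's code: one way to provision an account after a purchase without ever e-mailing a password, using a single-use, expiring setup token so the user chooses the password on the platform. The `AccountSetup` class, its method names, the one-hour lifetime and the PBKDF2 parameters are assumptions for illustration.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL_SECONDS = 3600   # assumed lifetime of the e-mailed setup link
PBKDF2_ROUNDS = 600_000    # assumed work factor for the stored password hash


class AccountSetup:
    """In-memory stand-in for a user table (hypothetical)."""

    def __init__(self):
        self._pending = {}    # username -> (sha256 of token, expiry timestamp)
        self.passwords = {}   # username -> (salt, PBKDF2 hash)

    def provision(self, username, now=None):
        """Create the account with no password; return the token to e-mail as a link."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        # Store only a digest, so a leaked table cannot be replayed as links.
        digest = hashlib.sha256(token.encode()).digest()
        self._pending[username] = (digest, now + TOKEN_TTL_SECONDS)
        return token

    def set_password(self, username, token, new_password, now=None):
        """Redeem the token once; the user picks the password on the platform."""
        now = time.time() if now is None else now
        entry = self._pending.get(username)
        if entry is None:
            return False
        digest, expires_at = entry
        presented = hashlib.sha256(token.encode()).digest()
        # Constant-time comparison, and reject anything past its expiry.
        if now > expires_at or not hmac.compare_digest(digest, presented):
            return False
        del self._pending[username]  # single use: the link is dead after this
        salt = secrets.token_bytes(16)
        pw_hash = hashlib.pbkdf2_hmac(
            "sha256", new_password.encode(), salt, PBKDF2_ROUNDS
        )
        self.passwords[username] = (salt, pw_hash)
        return True
```

The e-mail then carries only a link containing the token, which is worthless after first use or after it expires, and the account has no usable password until the user sets one.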